CVE-2014-2597

Name of the Vulnerable Software and Affected Versions PCNetSoftware RAC Server versions 4.0.4 through 4.0.5

Description The issue allows local users to cause a denial of service, resulting in a disabled keyboard or system crash, by sending a large input buffer to unspecified IOCTL requests in RACDriver.sys. This triggers a buffer over-read.

Recommendations For PCNetSoftware RAC Server versions 4.0.4 and 4.0.5, consider restricting access to the RACDriver.sys module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.